7.5
CVE-2023-36647
- EPSS 0.75%
- Veröffentlicht 12.12.2023 01:15:10
- Zuletzt bearbeitet 21.11.2024 08:10:11
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginA hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Prolion ≫ Cryptospike Version3.0.15 Updatep2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.75% | 0.502 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36647